chore: update next path redirections with validation

2025-12-16 03:47:54 +01:00 · 2025-10-30 18:56:38 +05:30
parent 350107d6c1
commit 667fc7e3ab
3 changed files with 6 additions and 6 deletions
--- a/apps/space/core/components/account/auth-forms/auth-root.tsx
+++ b/apps/space/core/components/account/auth-forms/auth-root.tsx
@@ -40,8 +40,7 @@ export const AuthRoot: FC = observer(() => {
  const searchParams = useSearchParams();
  const emailParam = searchParams.get("email") || undefined;
  const error_code = searchParams.get("error_code") || undefined;
-  const nextPath = searchParams.get("next_path") || undefined;
-  const next_path = searchParams.get("next_path");
+  const next_path = searchParams.get("next_path") || undefined;
  // states
  const [authMode, setAuthMode] = useState<EAuthModes>(EAuthModes.SIGN_UP);
  const [authStep, setAuthStep] = useState<EAuthSteps>(EAuthSteps.EMAIL);
@@ -220,7 +219,7 @@ export const AuthRoot: FC = observer(() => {
          <AuthUniqueCodeForm
            mode={authMode}
            email={email}
-            nextPath={nextPath}
+            nextPath={next_path}
            handleEmailClear={() => {
              setEmail("");
              setAuthStep(EAuthSteps.EMAIL);
@@ -234,7 +233,7 @@ export const AuthRoot: FC = observer(() => {
            isPasswordAutoset={isPasswordAutoset}
            isSMTPConfigured={isSMTPConfigured}
            email={email}
-            nextPath={nextPath}
+            nextPath={next_path}
            handleEmailClear={() => {
              setEmail("");
              setAuthStep(EAuthSteps.EMAIL);
--- a/apps/web/core/lib/wrappers/authentication-wrapper.tsx
+++ b/apps/web/core/lib/wrappers/authentication-wrapper.tsx
@@ -4,6 +4,7 @@ import type { FC, ReactNode } from "react";
 import { observer } from "mobx-react";
 import { useSearchParams, usePathname } from "next/navigation";
 import useSWR from "swr";
+import { isValidNextPath } from "@plane/utils";
 // components
 import { LogoSpinner } from "@/components/common/logo-spinner";
 // helpers
@@ -55,7 +56,7 @@ export const AuthenticationWrapper: FC<TAuthenticationWrapper> = observer((props
    let redirectionRoute = "/create-workspace";

    // validating the nextPath from the router query
-    if (nextPath && isValidURL(nextPath.toString())) {
+    if (nextPath && isValidURL(nextPath.toString()) && isValidNextPath(sanitize(nextPath.toString()))) {
      redirectionRoute = nextPath.toString();
      return redirectionRoute;
    }
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
      "unrs-resolver"
    ]
  },
-  "packageManager": "pnpm@10.12.1",
+  "packageManager": "pnpm@10.20.0",
  "engines": {
    "node": ">=22.18.0"
  }